Hi Team, I am following this repository: <https://...
# help
Hi Team, I am following this repository: https://github.com/cerbos/cerbos-aws-lambda to integrate my application with Cerbos
Copy code
make publish-lambda S3Bucket=<bucket-name>

        Deploying with following values
        Stack name                   : Cerbos
        Region                       : None
        Confirm changeset            : False
        Disable rollback             : False
        Deployment s3 bucket         : None
        Capabilities                 : ["CAPABILITY_IAM"]
        Parameter overrides          : {"ArchitectureParameter": "x86_64"}
        Signing Profiles             : {}

Initiating deployment

Waiting for changeset to be created..

CloudFormation stack changeset
Operation                    LogicalResourceId            ResourceType                 Replacement                
+ Add                        CerbosServerFunctionCatchA   AWS::Lambda::Permission      N/A                        
+ Add                        CerbosServerFunctionRole     AWS::IAM::Role               N/A                        
+ Add                        CerbosServerFunction         AWS::Lambda::Function        N/A                        
+ Add                        ServerlessHttpApiApiGatewa   AWS::ApiGatewayV2::Stage     N/A                        
+ Add                        ServerlessHttpApi            AWS::ApiGatewayV2::Api       N/A                        

Changeset created successfully. 

2024-04-18 17:49:50 - Waiting for stack create/update to complete

CloudFormation events from stack operations (refresh every 5.0 seconds)
ResourceStatus               ResourceType                 LogicalResourceId            ResourceStatusReason       
CREATE_IN_PROGRESS           AWS::CloudFormation::Stack   Cerbos                       User Initiated             
CREATE_IN_PROGRESS           AWS::IAM::Role               CerbosServerFunctionRole     -                          
CREATE_IN_PROGRESS           AWS::IAM::Role               CerbosServerFunctionRole     Resource creation          
CREATE_COMPLETE              AWS::IAM::Role               CerbosServerFunctionRole     -                          
CREATE_IN_PROGRESS           AWS::Lambda::Function        CerbosServerFunction         -                          
CREATE_IN_PROGRESS           AWS::Lambda::Function        CerbosServerFunction         Resource creation          
CREATE_COMPLETE              AWS::Lambda::Function        CerbosServerFunction         -                          
CREATE_IN_PROGRESS           AWS::ApiGatewayV2::Api       ServerlessHttpApi            -                          
CREATE_IN_PROGRESS           AWS::ApiGatewayV2::Api       ServerlessHttpApi            Resource creation          
CREATE_COMPLETE              AWS::ApiGatewayV2::Api       ServerlessHttpApi            -                          
CREATE_IN_PROGRESS           AWS::ApiGatewayV2::Stage     ServerlessHttpApiApiGatewa   -                          
CREATE_IN_PROGRESS           AWS::Lambda::Permission      CerbosServerFunctionCatchA   -                          
CREATE_IN_PROGRESS           AWS::ApiGatewayV2::Stage     ServerlessHttpApiApiGatewa   Resource creation          
                                                          yDefaultStage                Initiated                  
CREATE_COMPLETE              AWS::ApiGatewayV2::Stage     ServerlessHttpApiApiGatewa   -                          
CREATE_IN_PROGRESS           AWS::Lambda::Permission      CerbosServerFunctionCatchA   Resource creation          
                                                          llPermission                 Initiated                  
CREATE_COMPLETE              AWS::Lambda::Permission      CerbosServerFunctionCatchA   -                          
CREATE_COMPLETE              AWS::CloudFormation::Stack   Cerbos                       -                          

CloudFormation outputs from deployed stack
Key                 CerbosServerFunctionAPI                                                                     
Description         API Gateway endpoint URL for Cerbos Server                                                  
Value               <value>                                  

Key                 CerbosServerFunctionIamRole                                                                 
Description         IAM Role created for the Cerbos Server function                                             
Value               <value> 

Key                 CerbosServerFunction                                                                        
Description         Cerbos Server Function ARN                                                                  
Value               <value>   

Successfully created/updated stack - Cerbos in None
As you can see I have been able to deploy Cerbos successfully in AWS Lambda. Now I want to deploy a Next.js application to AWS Lambda. I would like to understand how do I leverage the current setup to attach policies to my Next.js application which I'm deploying using AWS Lambda?
Hi. Please edit your original message and remove the output from Cloud Formation and the link to your lambda. This is a public forum so anyone could see that information and make requests that might cost you money.
I am not sure I quite understand your question. Are you asking how to add policies to Cerbos or how to use Cerbos from your app? If it's the latter, we have several Next.js examples: https://github.com/cerbos?q=nextjs&amp;type=all&amp;language=&amp;sort=
Thank you for letting me know. My question is that I have a Next.js application which works fine on local. I want to push it to AWS Lambda by integrating it with Cerbos. How can I achieve that, could you please guide more on that.
Does your Next.js application -in it’s current state- integrated with Cerbos?
On my local, yes. I run it using docker compose and cerbos also runs, is integrated.
Nice! Then the only step you need to take is to ensure giving the correct host address of your Cerbos instance while initializing the Cerbos JS SDK on your NextJS application.
import { GRPC as Cerbos }  from "@cerbos/grpc";
export const cerbos = new Cerbos("cerbos:3593", { tls: false });
By SDK, is this where the AWS URL for the Cerbos instance must be added, which? And the next step should be to push it to Lambda as a docker image. Please correct me if I'm wrong.
Yes, exactly. You need to change
to your AWS URL for Cerbos. In your local development environment, it should stay the same (
). You could use an environment variable for this.
Note that the lambda deployment requires the use of the HTTP client
Got it. Thank you so much for guiding me.
Okay, I will ensure that I use HTTP client, thank you!